6 Common Workplace Scams You Should Know About

According to recent statistics, the overall crime rate in Singapore fell in 2016, however, there was an increase in the number of people who fell victim to scams.

What can be done to prevent your organisation falling victim to one of these scams? Here are 6 common scams in the workplace and how you can spot them.

1) CEO Spoofing

In September 2016, a man in Kansas sent a spoof email that appeared to come from the CEO of a construction company to county employees, requesting a payment, resulting in the scammer wrongfully receiving USD566,000. This is a perfect example of CEO spoofing, where the perpetrator claims to be a CEO and makes an urgent payment request outside of normal procedures.

The best way to spot a scam like this is to note how the email was written. Fraudulent emails like these almost always include an uncommon payment request. Be sure to double check invoice details and have a payments process in place to check for discrepancies.

2) Email Scams

In 2016, businesses in Singapore lost around SGD19 million after falling for email scams, involving perpetrators using seemingly genuine email accounts to ask victims for money. In a case in America, a county school district employee received an email purporting to be from the superintendent, asking for financial information of almost 8,000 employees, which was provided to the scammers.

Employees should beware of unsolicited emails that require clicking unknown links. Read emails like these thoroughly and look for grammar mistakes as well as inconsistencies.

3) Invoice Scams

In the case of an invoice scam, fraudsters research a company to learn which suppliers are used and when regular payments are due, in order to divert the payment to themselves. In 2016, Matel fell victim to this when a finance executive unknowingly transferred close to USD 3 Million to fraudsters.

The easiest way to spot an invoice scam is to watch for small discrepancies in invoices, such as a different address. Another good step to take is to implement a standard accounts payable process so all invoices are validated before a mistake can be made.

4) Text Messages

Also known as smishing or SMSishing, text scams are messages individuals receive that mimic an official text message from a trusted organisation. They usually notify the recipient of an account fraud or personal issue, such as being locked out of their account, which leads to them having to key in private information.

The best way to know when the text message you’ve received is a scam, is to take note of the context of the message. If it requires personal details, there is a high chance that it is a scam.

5) Internet Scams

This is a type of scam most Internet users today have been exposed to: the fake pop-up. The pop-up sends a ‘scam’ alert message, urging you to click on a link which will then send you to a fake website requesting your personal information, or enabling malware to be downloaded.

Always be cautious when prompted to click through to another website from a pop-up. Verify the legitimacy of the website and links before proceeding.

6) Phone Scams

Though most of these scams are aided by the internet, phone scams – called ‘vishing’- are still popular too, especially in Singapore. In these cases, a fraudster calls claiming to be from a trusted organisation. Fraudsters might even research basic bank details and personal information to seem even more credible.

If a caller requests your personal details over the phone, such as PIN numbers or banking passwords, this should be an immediate red flag. Call the bank’s general hotline and verify with them that the phone call you received is legitimate before handing over any private information.

Protect your workplace by encouraging employees to always be on the look-out for potential scams and providing ongoing security training. Conduct a security risk assessment to learn areas of risk in your workplace and improve your information security best practices.

ABS CertifiedShred-it has been certified by the Association of Banks in Singapore (ABS) as an approved outsourced service provider. OSPAR (Outsourced Service Provider’s Audit Report) assesses control and governance, and standardises requirements and auditing processes for firms providing services to the financial industry, confirmed by an annual independent audit.

NAID MemberShred-it Singapore is a NAID Member, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.